Forwarding packets generated through a VPN connection to a different subnet
Manas Bhatnagar
b.manas.88 at gmail.com
Tue Dec 9 01:01:29 UTC 2014
Hello,
I have an OpenVPN server that is configured to hand out IP addresses on the
10.8.0.0/24 network; it creates a tun0 device. I also have an interface on
the machine that is configured with the IP 10.8.1.11; this is on the em1
interface. I am able to ping other machines on the 10.8.1.0/24 network
from the machine. However, as an OpenVPN client, when I try to ping any
address on the 10.8.1.0/24 network other than 10.8.1.11, I do not receive a
response. My attempt at making this work was through using NAT with PF.
This is the line in my /etc/pf.conf:
    nat on tun0 from 10.8.0.0/24 to 10.8.1.0/24 -> (em1)
When I run tcpdump -i tun0 on the machine I see the ICMP packets being
generated by the OpenVPN client. But, when I check the traffic on em1 with
tcpdump the source address is still in the 10.8.0.0/24 range.
I have also tried the following pf.conf:
    rdr on tun0 from 10.8.0.0/24 to 10.8.1.0/24 -> (em1)
    nat on em1 from 10.8.0.0/24 to 10.8.1.0/24 -> (em1)
    rdr on em1 from 10.8.1.0/24 to 10.8.0.0/24 -> (tun0)
With the same results.
Please let me know how this can be configured. This is on 10.1-RELEASE.
Thanks,
Manas
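
An added example, not part of the original post: pf applies a nat rule to packets as they leave the interface named in the rule, and traffic from the VPN clients to 10.8.1.0/24 leaves through em1, so a nat rule on tun0 does not match it. The fragment below uses the post's interfaces and subnets; the macro names are assumptions, and it assumes pf is enabled, the ruleset has been reloaded, and IP forwarding is on.

```conf
# /etc/pf.conf fragment (added example; macro names are assumptions)
vpn_if  = "tun0"          # OpenVPN tunnel interface from the post
lan_if  = "em1"           # interface holding 10.8.1.11
vpn_net = "10.8.0.0/24"   # addresses handed to OpenVPN clients
lan_net = "10.8.1.0/24"   # subnet the clients need to reach

# --- Translation ---
# Source NAT is evaluated on the interface the packet leaves through.
# Client traffic to $lan_net exits via em1, so the rule is bound there and
# the source is rewritten to em1's current address.
nat on $lan_if inet from $vpn_net to $lan_net -> ($lan_if)

# No rdr rule is needed for the return path: replies are matched against
# the state entry created by the nat rule and translated back.

# --- Filtering ---
# Scope the passes to the two subnets rather than "any", so VPN clients
# reach only the subnet they are meant to reach.
pass in  on $vpn_if inet from $vpn_net to $lan_net keep state
pass out on $lan_if inet from ($lan_if) to $lan_net keep state

# --- Checks after editing ---
#   pfctl -nf /etc/pf.conf          parse only, reports syntax errors
#   pfctl -f  /etc/pf.conf          load the ruleset
#   pfctl -e                        enable pf if it is not already running
#   pfctl -s nat                    confirm the nat rule is loaded
#   pfctl -s state                  look for translated states while pinging
#   sysctl net.inet.ip.forwarding   must be 1 for the host to route
#   tcpdump -n -i em1 icmp          source should now be 10.8.1.11
```

If tcpdump on em1 still shows 10.8.0.0/24 sources after loading this, `pfctl -s nat` and `pfctl -s info` show whether the rule is present and whether pf is enabled at all.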
More information about the freebsd-pf mailing list